emotet

General

Target

435b7c3fa98486e9fd2e20a2031e3a35187b11d1fdb90be194c2db30f963d2ad
Size

530KB
Sample

220707-25pr1afhfp
MD5

2a6c3f75e09872589dc04487f8cde619
SHA1

5fe7a7927d6581f3816fd7058c4cf07804f2c677
SHA256

435b7c3fa98486e9fd2e20a2031e3a35187b11d1fdb90be194c2db30f963d2ad
SHA512

6f6ec1261cc20c838cbd36702b67bcbe1314e5fc5d68f1a6a0e962e92d5f7da1a99032b08149104b70708d766b03383ccee613562e114e6e05fdbd36ca15f2cb

Score

10^/10

Malware Config

Extracted

Family

emotet

Botnet

Epoch2

C2

80.11.163.139:443

186.75.241.230:80

181.143.194.138:443

77.237.248.136:8080

185.142.236.163:443

63.142.253.122:8080

178.254.6.27:7080

92.222.125.16:7080

94.205.247.10:80

46.105.131.87:80

37.157.194.134:443

149.202.153.252:8080

182.176.106.43:995

180.183.112.185:21

78.24.219.147:8080

41.220.119.246:80

212.71.234.16:8080

87.106.136.232:8080

104.131.11.150:8080

31.12.67.62:7080

rsa_pubkey.plain

Targets

- Target
  
  435b7c3fa98486e9fd2e20a2031e3a35187b11d1fdb90be194c2db30f963d2ad
- Size
  
  530KB
- MD5
  
  2a6c3f75e09872589dc04487f8cde619
- SHA1
  
  5fe7a7927d6581f3816fd7058c4cf07804f2c677
- SHA256
  
  435b7c3fa98486e9fd2e20a2031e3a35187b11d1fdb90be194c2db30f963d2ad
- SHA512
  
  6f6ec1261cc20c838cbd36702b67bcbe1314e5fc5d68f1a6a0e962e92d5f7da1a99032b08149104b70708d766b03383ccee613562e114e6e05fdbd36ca15f2cb
Score

10^/10

emotet epoch2 banker trojan
- Emotet
  Emotet is a trojan that is primarily spread through spam emails.
  trojan banker emotet
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in System32 directory

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2